Navy lays course for Second Fleet migration to NMCI

The Navy Marine Corps Intranet is entering the last year of its contracted life. After 10 years, the network has become one of the most reliable and secure networks in the Defense Department after starting as a frequent target of ridicule for what some involved with the program characterize as justified complaints.

As evidence of the Navy’s continuing reliance on NMCI, the network recently gained more customers: the headquarters of Commander, Second Fleet (C2F) and the Second Fleet’s newly established Maritime Operations Center. MOCs are regional command and control centers that give joint and Navy fleet commanders an overview of their forces' location and status, in addition to other information that help commanders make decisions.

The goal of using NMCI for the C2F MOC is partially to enhance decision-making through improved collaboration, but the need for increased cybersecurity was also a major factor, Navy Capt. Jeff Link, C2F's director of command, control, communications, and computers, said in a statement issued by C2F’s public affairs office.

“Working under tight restrictions and timelines, the coordination between the organizations involved in transitioning the systems to NMCI worked out extremely well," he said.

First of a kind

The C2F MOC is the first to be built using NMCI's infrastructure. NMCI is also providing interoperability between the fleet’s networks and NMCI to maintain and improve command and control capabilities.

C2F also moved its unclassified network into NMCI. About 1,000 users, 74 applications and 20 systems were moved onto NMCI’s managed infrastructure. The transition was completed in August, and C2F’s systems — and its MOC — are fully operational.

Consolidating C2F’s network to NMCI and building the MOC on NMCI’s Secret IP Router Network connectivity are expected to reduce operations costs. But the biggest benefit might be improved security. By consolidating C2F into the Navy’s biggest enterprise network, C2F might have needed to compromise some of the configuration of its systems. But in exchange, the command has gained better security and configuration management.

Navy Chief Information Officer Robert Carey has made consolidating the Navy’s disparate networks a major element of the Navy’s strategic vision for its networks, as laid out in the Navy Networking Environment 2016 strategy paper, published in May 2008.

“It is the Navy and Marine Corps’s goal that most of the Navy’s and many of the Marine Corps’s legacy networks will either be consolidated into existing enterprise networks or eliminated,” task force authors noted in the document. “A limited number of legacy networks will be permitted to continue operations as ‘excepted’ networks.”

C2F was previously exempted from using NMCI because it was a command and control organization. Navy officials chose to go forward with a plan for the Navy’s new MOCs based on NMCI’s infrastructure, according to a statement from the NMCI Program Office provided by Denise Deon, the NMCI Program Office public affairs officer.

“This hybrid approach utilizes the strongest assets from the NMCI and ISNS networks to create an interoperable and flexible MOC solution.” ISNS, also known as Afloat Networks, is a combination of shipboard local-area networks and a wide-area network connecting to the fleet, and it is one of the shipboard networks that the Navy’s Consolidated Afloat Networks and Enterprise Services program is intended to pull into its architecture.

Major domains

The Navy has four major network domains:

NMCI ashore at facilities within — and some outside — the continental United States.

The Outside Continental United States Navy Enterprise Network for facilities overseas.

The Marine Corps Enterprise Network tactical network.

The Information Technology for the 21st Century portfolio of programs that included ISNS, satellite communications systems and shore-based support systems for fleet data communications and services.

But there are also more than 500 existing networks by the Office of the Department of the Navy CIO’s count. That vast number of networks makes creating a totally secure Navy networking environment nearly impossible.

“If a hacker is able to get access to a very limited number of systems, or even just a single system within an environment, they can use the trust relationships that exist with just that one system to broaden the attack to the point where it compromises other systems” said Ron Ritchey, a principal at Booz Allen Hamilton.

“If you allow an environment to grow up where you have an unrestrained number of configurations, the one thing that you're absolutely guaranteed is that some of the systems are going to be more secure and some of the systems are going to be less secure,” he said. “You leave yourself open to the least common denominator of security that's in your environment.”

To prevent that, organizations should consolidate networks and reduce the number of configurations of systems allowed to run on them, Ritchey said.

“By negotiating a common standard that may not be 100 percent of what you want but is 98 percent of what you want and deploying that widely, you're making your environment less complex," he said. "And that makes it easier to manage and to take advantage of things like automated patch management. The problem with patch management is if you push out a patch in an unmanaged environment, you're going to break things because you can't test the patch against 1,000 configurations. If you have a limited set you're managing, that's practical. You can test to that and push that patch out because you’re able to test it thoroughly.”

Consolidation also makes it easier to centrally manage and support networks. “The benefits of consolidation are that this is a very challenging job, the number of threats are growing exponentially, and the DOD network is continuing to grow,” said Tom Conway, director of federal business development at McAfee, which provides much of the technology behind NMCI’s security management. "You always have a personnel situation there — where do you have the best trained people to handle all this? Luckily, the tools have come to the point where it's easier to do this through automation, through consolidation and centralization — [letting you] put your best people on the critical points of the network.”

Demonstrated benefits

Those benefits have been demonstrated by NMCI, Conway said. “I think NMCI is in a good situation. They have more complete visibility into what their network looks like. They can push a policy and make it stick really rapidly, whereas other organizations within DOD aren't at that point yet because they have very heterogeneous networks, and in some cases, they don't even have full situational awareness of what their networks look like.”

He said those capabilities are something the Navy is looking to build on and extend with the Next-Generation Enterprise Network procurement, which will eventually subsume NMCI.

inside gcn

Reader Comments

Thu, Nov 12, 2009

NMCI costs the DoN enormous sums of money to maintain, and certainly agreeing to a future enterprise contract will have more detailed lessons learned and vetting processes (NGEN, PMW-210 folks, I'm talking to you). The DoN needs more C2 with NGEN, instead of issuing lengthy GDA to groups that serve only to decrease production. NMCI should NOT be described, however, as being like a terrorist or an enemy combatant - we should all work to improve this instead of making idle comments about functionality.

Wed, Nov 4, 2009
Good ol' USA

I have to agree with the first comment that NMCI is more harmful than terrorists. The costs of NMCI are not easily discerned but exist everywhere the network touches. NMCI is unresponsive to commander's needs, fields outdated computing hardware and software, and represents a threat to functional C2. Ever wonder why the Marine Corps NEVER transitioned SIPRNet to NMCI? They have a new network now called Marine Corps Worldwide (MCW), which prepares the service for transition to NGEN.

Thu, Oct 22, 2009

The cost is enormous and the items are dated, but I don't think the NMCI program team could or would destroy any of our personnel, civilians, or national landmarks. Let's not compare a computer network's expenditures to terrorist attacks!

Sat, Oct 10, 2009

I have had to live with the nmci network for all of those 10 years as our base was the first or one of the first to be forced to switch to nmci. It is my personal opinion that nmci has done more harm to the Navy than any and all terrorists could ever hope to do. The cost is insane. The equipment is the cheapest most dated crap anyone would still sell. The process to have a change made to a machine takes more than a year. If you had ever had to use an nmci machine you would have written this story in a much different light and probably on your machine at home.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.